Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
7.5CVSS
7.5AI Score
0.008EPSS
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
7.5CVSS
7.6AI Score
0.002EPSS
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
7.6CVSS
6AI Score
0.001EPSS
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.
5.3CVSS
5.3AI Score
0.002EPSS
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
6.1CVSS
6AI Score
0.003EPSS
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
8.8CVSS
8.6AI Score
0.002EPSS
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
9.8CVSS
9.4AI Score
0.004EPSS
6.1CVSS
6AI Score
0.001EPSS
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
8.6CVSS
8.4AI Score
0.001EPSS
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
8.8CVSS
8.6AI Score
0.001EPSS
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
7.2CVSS
6AI Score
0.001EPSS